Blog.

Are you new to OSINT? You may have questions. How can you start? What are the best resources in the OSINT community? This page will provide you with some resources that will give you an understanding of how OSINT can be utilized.

This post will focus on the following areas: Relevant Software Applications, Operating System Settings, Devices, Browsing Habits, and Online Accounts.

Relevant Software Applications

Install, update and use antivirus software, there are several free options available as noted in this table: www.pcmag.com/article2/0,2817,2388652,00.asp If you go for a paid antivirus, the recommendation is Bitdefender.

Install, update and use anti-malware protection such as Malwarebytes to detect and block malware in real-time. Link to free download: www.malwarebytes.com/mwb-download

Install, update and use CCleaner to clean out unwanted files and make your computer faster. Link to free download: www.ccleaner.com/ccleaner

Operating System Settings

Update your operating system and set up automatic updates. This is your best bet to prevent hackers from exploiting vulnerabilities through outdated operating systems.

Password protect all your devices including computers, phones, iPads, tablets, etc. This is one of the easiest ways to protect yourself. Use complex passwords and different passwords for each service using a combination of letters, numbers and symbols to create strong passwords. Use a password manager like LastPass to remember all your passwords.

Use encrypted chat to communicate with family and friends. WhatsApp is encrypted and free to use. You have several other options such as Signal, Telegram, and Viber etc.

Browsing Habits

Use the latest version of your web browser to prevent security vulnerabilities.

Do not trust public Wi-Fi in locations such as hotels, coffee shops, and airports. If you do, make use of a virtual private network (VPN).

Use a VPN for an extra layer of security. Using a VPN will hide your IP address and location. When you use a VPN, your internet traffic is encrypted and tunneled through a remote VPN server. For more info on VPN software, check out this helpful post: www.pcmag.com/article2/0,2817,2403388,00.asp

Use privacy driven browsers such as Searx, DuckDuckGo, Startpage, Yippy, and Qwant.

HTTPS Everywhere – automatically connects you to websites via HTTPS for more security.

Incognito browsing does not make you anonymous. Your internet service provider and employer can still see what you are viewing. It does protect you from your history being stored on the computer.

Use the TOR browser if you want a decent level of anonymity. Use a VPN such as Nord VPN or Private Internet Access in conjunction with the TOR browser if you want really good anonymity. Find download instructions for TOR here: www.torproject.org/download/download. Once you have downloaded TOR, you should open TOR and verify that it worked by going to https://check.torproject.org. This site will confirm if you are using TOR.

Online Accounts

Set your security settings high on your current social profiles.

Think about what you post, e.g., don’t post photos in front of your house that show your home address.

Delete old accounts including social media accounts and email addresses.

Have you ever wanted to know what Google collects about you? View and download a copy of all your Google data. Link for download: https://takeout.google.com/settings/takeout

Did you know that your iPhone tracks every location you visit? They call it significant locations. You might already have this feature turned off but you can double check. You can view the tracked locations, delete history, and completely turn off the tracking. You will find these locations in Settings > Privacy > Location Services > System Services > Significant Locations. From here you can view all the cities you have visited and the times and dates as well.

You can also check if your significant locations are turned on your Mac. Find them in System Preferences > Security & Privacy > Privacy > Location Services> System Services > Details > Click on details next to significant locations. From here you can see if any significant locations were saved.

Today we outlined only some considerations when attempting to protect yourself online. Of course, there are numerous other precautions you can take to protect your security online depending on specific threats. Due to the ever-evolving digital age, we must take it upon ourselves to keep up with new security features.

​One of the comforts for human beings all over the world is when we have somewhere to call home. For Saroo Brierley home was very far away. Hailing from a small village in India, Saroo was accidentally separated from his family in 1986 when he fell asleep on an empty train that travelled somewhere between 12 to 15 hours and took him 1000 kilometres away from home. Saroo was just 5 years old and ended up on the streets of Calcutta. After the authorities failed to locate his family, he was sent to an orphanage where he was adopted by an Australian couple in 1987 and grew up in Tasmania, Australia.

Interested and keen on finding where he came from and where his family was, Saroo started searching for answers. More than 25 years later and years of searching he found his family using the internet. Saroo calculated the hours he spent on the train back in India and the speed of trains in 1986 in order to create a radius around the city of Calcutta. From there he narrowed down where he would search on Google Earth where he explored 962,300 square kilometres of territory to find his way back home.

How did Saroo use open source tools to help him find his way home? He used three tools from the online world: Google Earth, Facebook, and YouTube.

Google Earth to look at the satellite images and identify landmarks he recognized childhood memories such as a water tower. Saroo remembered his home was a town within the city of Khandwa and it was called Ginestlay. In 2011, Saroo found his hometown of Khandwa on Google Earth.

Facebook to communicate with locals to confirm landmarks. Once Saroo identified his hometown on the map he went to Facebook and found a group called Khandwa: my home town. He asked the group if anyone knew about a town in Khandwa that started with the letter G, suggesting the possibility of it being called Ginestlay. Someone from the group answered with Ganesh Talai – Saroo was taken back, this was a remarkable discovery as he realized that as a child he has been mispronouncing his place of birth as Ginestlay.

YouTube to watch videos of the train station in Khandwa that he suspected was his hometown.

In 2012 Saroo reunited with his family in Ganesh Talai. As I was reading this story I felt a great sense of optimism with how open source was applied in this case. We often hear stories in the news about open source websites being used for malicious purposes, but rarely do we hear stories where open source was used for good in our world. This remarkable and inspirational story was published by Saroo as a bestselling book called 'A Long Way Home: A Memoir”. The book was adapted to a movie titled 'Lion', and the book was renamed the same. The reason for choosing the title of the movie and book as 'Lion' is because Saroo had been mispronouncing his name since he was a child; his mother named him Sheru which means Lion in Hindi. Here’s to happy endings!

Open source is defined as publicly available information, i.e. information that any member of the public can lawfully obtain. In order to conduct research on individuals or businesses, OSINT is used by various organizations such as law enforcement, investigative journalists, and law firms.​Information to start your research can include a name, email address, phone number, home address, website, business name, etc

You can harness the power of the tools available to you by determining where to look for information among both the Surface and Deep Web. The Surface web is what you find when you search using traditional search engines like Google and Bing. The Deep web is a place on the internet where traditional search engines typically do not have access; keep in mind that a vast majority of material on the internet is held within the Deep web.

Some starting points if you have a name, phone number or email address are:

Google

Bing

Pipl.com

Hunter.io

Spokeo.com

Usersearch.org

Always remember to protect your privacy when conducting your open source research. There is more than one way to protect your identity online. For example, you can anonymize your identity by:

Using a Virtual Private Network

Using the TOR browser

​Another factor to consider when researching online is critical thinking which is paramount to conducting open source research. Remember it’s not Open Source Intelligence (OSINT) if you just find someone’s Facebook or other social media account, ask yourself what value does it add to the investigation? What would be relevant to the investigation? Ask yourself the who, what, where, when, and how questions.​Create the necessary linkages and associations between entities of importance; this is where you give meaning to raw information you originally collected. Analyze open source information you locate, and turn it into intelligence.

OSINT is not collected, it is produced, and remember that intelligence is the outcome of information being evaluated and analyzed. One of the ways to learn more about OSINT is to immerse yourself in current content in the field; read and explore OSINT related books and blogs.